Whistleblower accuses cybersecurity company of extorting clients (cnn.com)
103 points by Osiris on May 8, 2015 | 15 comments



Why is "data breach" in scare quotes? There was indeed a data breach, so the case against LabMD seems real enough. If it happened because they weren't following reasonable practices, the FTC response might be entirely justified.

Now, the problem being that the data breach was done by Tiversa. It seems to me that in a case where you know who the attacker was and that they stole this data for profit (additionally, profit by extortion), the penalties for the attacker should be much more severe than for the breached company. Regardless of whether the company was negligent or not. Also, if they reported this to the FTC as an "unknown attacker" type of breach that they just happened to "detect", isn't that attempting to defraud the federal government as well?


Could have been that Tiversa was given access to the infrastructure, so even if it was a breach it was more of the "Snowden"-type than of some random hacker from the outside. Still a breach, but one much harder to do anything about.


Exactly, a data breach clearly occurred, otherwise Tiversa wouldn't have been able to get LabMD's data.

If the allegations are true though, then surely the persons responsible should be tried under the CFAA.


This is such a confusing and poorly written article, I don't even know where to start.

"The cybersecurity firm then alerted LabMD it had been hacked. Tiversa offered it emergency "incident response" cybersecurity services. After the lab refused the offer, Tiversa threatened to tip off federal regulators about the "data breach."

When LabMD still refused, Tiversa let the Federal Trade Commission know about the "hack.""

Not an expert, but this is the first time I've heard people trying to out companies with bad ops sec to the FTC?? Can someone explain how or why this is legal?

Then it gets really weird:

"The FTC went after the lab, giving the company a choice: sign a consent decree (basically a plea deal which means years of audits and a nasty public statement) or fight in court. The CEO of LabMD, Michael Daugherty, chose to fight, because a plea deal would have tarnished his reputation and killed the business anyway, he said."

So basically the government can force a business to close down if they don't comply with years of oversight and negative public comments? Somehow this seems really sketchy.

The article basically concludes Tiversa has done this multiple times to other companies as well. I guess this means in order to make a bunch of money I can start a private security company, hire some hackers and then extort money from businesses if they don't hire me and then turn them over to the FTC, who in turn, makes them go out of business?

If this is the case, this is pretty fucking scary.


The article makes it sound like Tiversa hacked LabMD deliberately in order to blackmail them. While that is possible, the article doesn't mention how, and it doesn't mention that the files were supposedly found on LimeWire. Terrible journalism.


I think LabMD is especially vulnerable to this since data breaches are a HIPAA violation.


Seems like this is a poor piece of journalism. Other sources indicate that the data breach was one of the employees using Limewire to listen to music, accidentally sharing thousands of clients' information on the network by that means.

http://www.govhealthit.com/news/can-ftc-regulate-digital-hea...


It looks like the FTC didn't do its due diligence to ensure that the evidence presented against LabMD was legitimate? Of course, none of us would really be surprised if this is the case.

Unfortunately, even if Tiversa is found to be at fault, LabMD is still probably beyond recovery now that it's closed up shop.


It sounds like they really did get hacked. Isn't the whole point of the lawsuit that they were too insecure with sensitive information, and therefore justifiable?

"Wallace said he tapped into LabMD's computers and pulled the medical records. The cybersecurity firm then alerted LabMD it had been hacked."


Well, Tiversa scanned LimeWire for PII and found a file containing billing records of patients on a PC belonging to LabMD. They copied the file and eventually gave it to the FTC, apparently claiming they found it on multiple computers on the LimeWire network.


Here's an older, but much more well-written article about this case: http://www.law360.com/articles/592866/tiversa-attacks-labmd-...

Wallace (the whistleblower) claims that he created some false information that Tiversa sent to the FTC. That article mentions some doubt about the previous claims that the source of the leak was LimeWire, but doesn't give an alternate source.


jesus christ....

this fucking makes me lose faith in humanity.

how can they get away with this? this is like mafia and the government joining forces to fuck over hard working folks.

every day America is going down the shit drain. spying on its own citizens, allies, friends, secret CIA torture sites, police brutality & militarization, Monsanto, Dow Jones Chemical, Facebook, the list goes on.


Someday a real rain will come and wash all this scum off the streets.


That's wishful thinking. The only way things change is if someone wants them to change and fights for it to happen. That means it's a slow, laborious process for the most part.


I hope so. This story makes me feel dirty just for being interested in computer security.



